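This log collection system is a small demo. The tools used can be downloaded from https://pan.baidu.com/s/1m_If2crjUtMTqRKuKrG9gw
(extraction code: n9oi); the tools and the code project are all there.
The log collection flow is as follows. This build only goes as far as Kibana.
I. Configure the Java project's configuration files
The logging framework used here is log4j2.
Maven dependencies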
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-web</artifactId>
    <!-- Exclude spring-boot-starter-logging -->
    <exclusions>
        <exclusion>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-logging</artifactId>
        </exclusion>
    </exclusions>
</dependency>
<!-- log4j2 -->
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-log4j2</artifactId>
</dependency>
<dependency>
    <groupId>com.lmax</groupId>
    <artifactId>disruptor</artifactId>
    <version>3.3.4</version>
</dependency>
Below is log4j2.xml; the most important part here is how the log lines are formatted.
<?xml version="1.0" encoding="UTF-8"?>
<Configuration status="INFO" schema="Log4J-V2.0.xsd" monitorInterval="600" >
    <Properties>
        <Property name="LOG_HOME">logs</Property>
        <Property name="FILE_NAME">collector</Property>
        <Property name="patternLayout">[%d{yyyy-MM-dd'T'HH:mm:ss.SSSZZ}] [%level{length=5}] [%thread-%tid] [%logger] [%X{hostName}] [%X{ip}] [%X{applicationName}] [%F,%L,%C,%M] [%m] ## '%ex'%n</Property>
    </Properties>
    <Appenders>
        <Console name="CONSOLE" target="SYSTEM_OUT">
            <PatternLayout pattern="${patternLayout}"/>
        </Console>
        <RollingRandomAccessFile name="appAppender" fileName="${LOG_HOME}/app-${FILE_NAME}.log" filePattern="${LOG_HOME}/app-${FILE_NAME}-%d{yyyy-MM-dd}-%i.log" >
            <PatternLayout pattern="${patternLayout}" />
            <Policies>
                <TimeBasedTriggeringPolicy interval="1"/>
                <SizeBasedTriggeringPolicy size="500MB"/>
            </Policies>
            <DefaultRolloverStrategy max="20"/>
        </RollingRandomAccessFile>
        <RollingRandomAccessFile name="errorAppender" fileName="${LOG_HOME}/error-${FILE_NAME}.log" filePattern="${LOG_HOME}/error-${FILE_NAME}-%d{yyyy-MM-dd}-%i.log" >
            <PatternLayout pattern="${patternLayout}" />
            <Filters>
                <ThresholdFilter level="warn" onMatch="ACCEPT" onMismatch="DENY"/>
            </Filters>
            <Policies>
                <TimeBasedTriggeringPolicy interval="1"/>
                <SizeBasedTriggeringPolicy size="500MB"/>
            </Policies>
            <DefaultRolloverStrategy max="20"/>
        </RollingRandomAccessFile>
    </Appenders>
    <Loggers>
        <!-- Business code: async logger. Logger names are hierarchical prefixes, not wildcards, so the name is "com.an"; additivity="false" keeps events from being written a second time through Root -->
        <AsyncLogger name="com.an" level="info" includeLocation="true" additivity="false">
            <AppenderRef ref="CONSOLE"/>
            <AppenderRef ref="appAppender"/>
            <AppenderRef ref="errorAppender"/>
        </AsyncLogger>
        <Root level="info">
            <AppenderRef ref="CONSOLE"/>
            <AppenderRef ref="appAppender"/>
            <AppenderRef ref="errorAppender"/>
        </Root>
    </Loggers>
</Configuration>
The pattern uses some custom properties; they are put into the MDC under the matching keys.
MDC utility class
package com.an.collector.util;

import org.jboss.logging.MDC;
import org.springframework.context.EnvironmentAware;
import org.springframework.core.env.Environment;
import org.springframework.stereotype.Component;

@Component
public class InputMDC implements EnvironmentAware {

    private static Environment environment;

    @Override
    public void setEnvironment(Environment environment) {
        InputMDC.environment = environment;
    }

    public static void putMDC() {
        MDC.put("hostName", NetUtil.getLocalHostName());
        MDC.put("ip", NetUtil.getLocalIp());
        MDC.put("applicationName", environment.getProperty("spring.application.name"));
    }
}
Here only a few log lines are printed as a test.
II. Install Filebeat
Filebeat picks up the logs produced by the project and ships them to Kafka.
1. Extract
tar -zxvf filebeat-6.4.3-linux-x86_64.tar.gz -C /usr/local/
2. Rename
mv filebeat-6.4.3-linux-x86_64/ filebeat-6.4.3
3. Configure filebeat.yml
vim /usr/local/filebeat-6.4.3/filebeat.yml
filebeat.prospectors:
- type: log
  paths:
    - /usr/local/logs/app-collector.log
  document_type: "app-log"
  multiline:
    pattern: '^\['    # expression to match (lines that start with "[")
    negate: true      # negate the match: lines that do not start with "[" are continuation lines
    match: after      # append them to the end of the previous line
    max_lines: 2000   # maximum number of lines
    timeout: 2s       # if no new log line arrives, emit the event
  fields:
    logbiz: collector
    logtopic: app-log-collector   ## split per service; used as the Kafka topic
    env: dev
- type: log
  paths:
    - /usr/local/logs/error-collector.log
  document_type: "error-log"
  multiline:
    pattern: '^\['    # expression to match (lines that start with "[")
    negate: true      # negate the match: lines that do not start with "[" are continuation lines
    match: after      # append them to the end of the previous line
    max_lines: 2000   # maximum number of lines
    timeout: 2s       # if no new log line arrives, emit the event
  fields:
    logbiz: collector
    logtopic: error-log-collector   ## split per service; used as the Kafka topic
    env: dev
output.kafka:
  # Array of hosts to connect to.
  enabled: true
  hosts: ["192.168.1.101:9092"]
  topic: '%{[fields.logtopic]}'
  partition.hash:
    reachable_only: true
  compression: gzip
  max_message_bytes: 1000000
  required_acks: 1
logging.to_files: true
4. Check that the yml file is valid
cd /usr/local/filebeat-6.4.3
./filebeat -c filebeat.yml -configtest
## Config OK
5. Start Filebeat
/usr/local/filebeat-6.4.3/filebeat &
ps -ef | grep filebeat
III. Install Kafka
1. Extract
tar -zxvf kafka_2.11-0.11.0.0.tgz -C /opt/module/
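2. Rename
mv kafka_2.11-0.11.0.0/ kafka
3. Create a logs directory under the kafka directory
mkdir logs
4. Edit the configuration file
cd config/
vim server.properties
The main settings to change are:
# Globally unique broker id; must not be repeated
broker.id=0
# Enable topic deletion
delete.topic.enable=true
# Path where Kafka stores its log data
log.dirs=/opt/module/kafka/logs
# ZooKeeper cluster connection addresses
zookeeper.connect=hadoop101:2181,hadoop102:2181,hadoop103:2181
5. Set environment variables
sudo vi /etc/profile
Add:
#KAFKA_HOME
export KAFKA_HOME=/opt/module/kafka
export PATH=$PATH:$KAFKA_HOME/bin
source /etc/profile
I configured a three-node Kafka cluster here, so deploy the other two machines by the same steps and edit their configuration files. Note: set broker.id=1 and broker.id=2 in their configuration files.
6. Script to start and stop Kafka on all nodes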
#!/bin/bash
case $1 in
"start"){
    for i in hadoop101 hadoop102 hadoop103
    do
        echo " --------啓動 $i Kafka-------"
        # Used for KafkaManager monitoring
        ssh $i "export JMX_PORT=9988 && /opt/module/kafka/bin/kafka-server-start.sh -daemon /opt/module/kafka/config/server.properties "
    done
};;
"stop"){
    for i in hadoop101 hadoop102 hadoop103
    do
        echo " --------停止 $i Kafka-------"
        ssh $i "/opt/module/kafka/bin/kafka-server-stop.sh stop"
    done
};;
esac
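IV. Install Logstash and Elasticsearch
My previous article already covered installing Logstash and Elasticsearch: https://blog.csdn.net/qq_29963323/article/details/106573303
Here the main step is to add a configuration file to Logstash and start Logstash with it.
Go to the Logstash directory
cd /usr/local/logstash-6.4.3/
Create a script directory and create the yml file in it
mkdir script
vim script/logstash.yml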
input{
    kafka{
        # app-log-<service name>
        topics_pattern => "app-log-.*"
        bootstrap_servers => "192.168.1.101:9092"
        codec => json
        consumer_threads => 4 # number of parallel consumer threads
        decorate_events => true
        # auto_offset_reset => "latest"
        group_id => "app-log-group"
    }
    kafka{
        # error-log-<service name>
        topics_pattern => "error-log-.*"
        bootstrap_servers => "192.168.1.101:9092"
        codec => json
        consumer_threads => 1 # number of parallel consumer threads
        decorate_events => true
        # auto_offset_reset => "latest"
        group_id => "error-log-group"
    }
}
filter{
    ## Time zone conversion
    ruby{
        code => "event.set('index_time',event.timestamp.time.localtime.strftime('%Y.%m.%d'))"
    }
    if "app-log" in [fields][logtopic]{
        grok{
            ## Expression
            match => ["message","\[%{NOTSPACE:currentDateTime}\] \[%{NOTSPACE:level}\] \[%{NOTSPACE:thread-id}\] \[%{NOTSPACE:class}\] \[%{DATA:hostName}\] \[%{DATA:ip}\] \[%{DATA:applicationName}\] \[%{DATA:location}\] \[%{DATA:messageInfo}\] ## (\'\'|%{QUOTEDSTRING:throwable})"]
        }
    }
    if "error-log" in [fields][logtopic]{
        grok{
            ## Expression
            match => ["message","\[%{NOTSPACE:currentDateTime}\] \[%{NOTSPACE:level}\] \[%{NOTSPACE:thread-id}\] \[%{NOTSPACE:class}\] \[%{DATA:hostName}\] \[%{DATA:ip}\] \[%{DATA:applicationName}\] \[%{DATA:location}\] \[%{DATA:messageInfo}\] ## (\'\'|%{QUOTEDSTRING:throwable})"]
        }
    }
}
output{
    stdout{ codec => rubydebug }
}
# elasticsearch
output{
    if "app-log" in [fields][logtopic]{
        elasticsearch{
            ##host=>"192.168.1.1"
            ##port=>"9200"
            ## ES address
            hosts=>["192.168.1.101:9200"]
            # Username and password
            user => "esuser"
            password => "123456"
            ## Index name; must be lowercase
            index=>"app-log-%{[fields][logbiz]}-%{index_time}"
            ## Whether to sniff the cluster node IPs
            sniffing => true
            # Overwrite the template
            template_overwrite=>true
            # Defaults to true; false turns off Logstash's automatic template management. Set it to false when using a custom template
            manage_template=>false
        }
    }
    if "error-log" in [fields][logtopic]{
        elasticsearch{
            ##host=>"192.168.1.1"
            ##port=>"9200"
            ## ES address
            hosts=>["192.168.1.101:9200"]
            # Username and password
            user => "esuser"
            password => "123456"
            ## Index name; must be lowercase
            index=>"error-log-%{[fields][logbiz]}-%{index_time}"
            ## Whether to sniff the cluster node IPs
            sniffing => true
            # Overwrite the template
            template_overwrite=>true
        }
    }
}
Start Logstash
/usr/local/logstash-6.4.3/bin/logstash -f /usr/local/logstash-6.4.3/script/logstash.yml
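An added example (not part of the original post or its project): this Python check emulates the two parsing stages configured above, Filebeat's multiline grouping and a simplified regex equivalent of the grok expression, to confirm that a stack trace is merged into one event and that malformed events are flagged. The regex stand-ins for NOTSPACE, DATA and QUOTEDSTRING, the renamed groups `thread_id` and `class_`, and all sample lines are assumptions constructed for illustration.

```python
import re

# Filebeat multiline settings from the page: pattern '^\[', negate: true, match: after
EVENT_START = re.compile(r"^\[")

# Simplified Python equivalent of the grok expression (assumption: NOTSPACE=\S+,
# DATA=.*?, QUOTEDSTRING reduced to its single-quote form).
FIELDS = ["currentDateTime", "level", "thread_id", "class_", "hostName", "ip",
          "applicationName", "location", "messageInfo"]
KINDS = [r"\S+"] * 4 + [r".*?"] * 5
GROK = re.compile(
    " ".join(rf"\[(?P<{n}>{k})\]" for n, k in zip(FIELDS, KINDS))
    + r" ## (?:''|(?P<throwable>'(?:\\.|[^\\'])+'))"
)

def group_events(lines):
    """Merge lines that do not start with '[' into the previous event."""
    events = []
    for line in lines:
        if EVENT_START.match(line) or not events:
            events.append(line)
        else:
            events[-1] += "\n" + line
    return events

def parse(event):
    """Return the extracted fields, or None (Logstash would tag _grokparsefailure)."""
    m = GROK.match(event)
    return m.groupdict() if m else None

# Constructed sample in the page's patternLayout (not real application output).
PREFIX = ("[2020-06-10T10:00:00.000+0800] [{lvl}] [main-1] [com.an.collector.Demo] "
          "[host1] [192.168.1.101] [collector] [Demo.java,12,com.an.collector.Demo,run] ")
SAMPLE = [
    PREFIX.format(lvl="INFO") + "[started] ## ''",
    PREFIX.format(lvl="ERROR") + "[failed] ## 'java.lang.ArithmeticException: / by zero",
    "\tat com.an.collector.Demo.run(Demo.java:12)",
    "'",
    "[truncated line without the expected fields]",
]

def run_sample():
    """Group the sample lines into events and parse each one."""
    events = group_events(SAMPLE)
    return events, [parse(e) for e in events]
```

Events for which `parse` returns `None` are the ones that would reach Elasticsearch without the extracted fields, so they are worth watching for when the pattern layout or the grok expression changes.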
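V. Install Kibana
1. Extract
tar -zxvf kibana-6.3.1-linux-x86_64.tar.gz -C /opt/module/
2. Edit the configuration
cd kibana-6.3.1-linux-x86_64/config
vi kibana.yml
The main settings to change are as follows
3. Start Kibana
./kibana
Before going into Kibana, check that the log data has been stored in ES and that the corresponding indices have been created in ES.
This shows the data is already in ES. Kibana only visualizes and analyzes the data.
Click here to create the corresponding index pattern; select currentDateTime here.
Then create the index pattern for error-log-* here in the same way.
Once created, the corresponding data can be viewed in Discover.
Note: if no data shows up, make sure the correct time range is selected.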